SimpleSAML\Module\metaedit\Controller\MetaEditor

Complexity

Total Complexity

21

Size/Duplication

Total Lines	208
Duplicated Lines	0 %

Importance

Changes	1
Bugs	0	Features	0

5 Methods

Rating	Name	Duplication	Size	Complexity
A	requireOwnership()	0	9	3
B	edit()	0	88	10
A	__construct()	0	6	1
A	import()	0	4	1
B	main()	0	44	6

<?php

declare(strict_types=1);

namespace SimpleSAML\Module\metaedit\Controller;

use Exception;
use SAML2\Constants;
use SimpleSAML\Auth;
use SimpleSAML\Configuration;
use SimpleSAML\Error;
use SimpleSAML\Metadata;
use SimpleSAML\Module\metaedit\MetaEditor as Editor;
use SimpleSAML\Session;
use SimpleSAML\Utils;
use SimpleSAML\XHTML\Template;
use Symfony\Component\HttpFoundation\Request;

use function array_key_exists;
use function array_pop;

/**
 * Controller class for the metaedit module.
 *
 * This class serves the different views available in the module.
 *
 * @package simplesamlphp/simplesamlphp-module-metaedit
 */
class MetaEditor
{
    /** @var \SimpleSAML\Configuration */
    protected Configuration $config;

    /** @var \SimpleSAML\Session */
    protected Session $session;


    /**
     * Controller constructor.
     *
     * It initializes the global configuration and session for the controllers implemented here.
     *
     * @param \SimpleSAML\Configuration $config The configuration to use by the controllers.
     * @param \SimpleSAML\Session $session The session to use by the controllers.
     *
     * @throws \Exception
     */
    public function __construct(
        Configuration $config,
        Session $session
    ) {
        $this->config = $config;
        $this->session = $session;
    }


    /**
     * Main index
     *
     * @param \Symfony\Component\HttpFoundation\Request $request The current request.
     *
     * @return \SimpleSAML\XHTML\Template
     */
    public function main(Request $request): Template
    {
        /* Load simpleSAMLphp, configuration and metadata */
        $moduleConfig = Configuration::getConfig('module_metaedit.php');

        $mdh = new Metadata\MetaDataStorageHandlerSerialize($moduleConfig->getValue('metahandlerConfig', null));

It seems like $moduleConfig->getValue('metahandlerConfig', null) can also be of type null; however, parameter $config of SimpleSAML\Metadata\MetaDataStorageHandlerSerialize::__construct() does only seem to accept array, maybe add an additional type check?

        $authsource = $moduleConfig->getValue('auth', 'login-admin');
        $useridattr = $moduleConfig->getValue('useridattr', 'eduPersonPrincipalName');

        $as = new Auth\Simple($authsource);
        $as->requireAuth();
        $attributes = $as->getAttributes();

        // Check if userid exists
        if (!isset($attributes[$useridattr])) {
            throw new Error\Exception('User ID is missing');
        }
        $userid = $attributes[$useridattr][0];

        $delete = $request->get('delete');
        if ($delete !== null) {
            $premetadata = $mdh->getMetadata($delete, 'saml20-sp-remote');
            $this->requireOwnership($premetadata, $userid);

It seems like $premetadata can also be of type null; however, parameter $metadata of SimpleSAML\Module\metaedit\Controller\MetaEditor::requireOwnership() does only seem to accept array, maybe add an additional type check?

            $mdh->deleteMetadata($delete, 'saml20-sp-remote');
        }

        $list = $mdh->getMetadataSet('saml20-sp-remote');

        $slist = ['mine' => [], 'others' => []];
        foreach ($list as $listitem) {
            if (array_key_exists('owner', $listitem)) {
                if ($listitem['owner'] === $userid) {
                    $slist['mine'][] = $listitem;
                    continue;
                }
            }
            $slist['others'][] = $listitem;
        }

        $t = new Template($this->config, 'metaedit:metalist.twig');
        $t->data['metadata'] = $slist;
        $t->data['userid'] = $userid;
        return $t;
    }


    /**
     * Editor
     *
     * @param \Symfony\Component\HttpFoundation\Request $request The current request.
     *
     * @return \SimpleSAML\XHTML\Template
     */
    public function edit(Request $request): Template
    {
        /* Load configuration and metadata */
        $moduleConfig = Configuration::getConfig('module_metaedit.php');

        $mdh = new Metadata\MetaDataStorageHandlerSerialize($moduleConfig->getValue('metahandlerConfig', null));

It seems like $moduleConfig->getValue('metahandlerConfig', null) can also be of type null; however, parameter $config of SimpleSAML\Metadata\MetaDataStorageHandlerSerialize::__construct() does only seem to accept array, maybe add an additional type check?

        $authsource = $moduleConfig->getValue('auth', 'login-admin');
        $useridattr = $moduleConfig->getValue('useridattr', 'eduPersonPrincipalName');

        $as = new Auth\Simple($authsource);
        $as->requireAuth();

        $attributes = $as->getAttributes();
        // Check if userid exists
        if (!isset($attributes[$useridattr])) {
            throw new Error\Exception('User ID is missing');
        }
        $userid = $attributes[$useridattr][0];

        $entityId = $request->get('entityid');
        $xmlMetadata = $request->get('xmlmetadata');

        if ($entityId !== null) {
            $metadata = $mdh->getMetadata($entityId, 'saml20-sp-remote');
            $this->requireOwnership($metadata, $userid);

It seems like $metadata can also be of type null; however, parameter $metadata of SimpleSAML\Module\metaedit\Controller\MetaEditor::requireOwnership() does only seem to accept array, maybe add an additional type check?

        } elseif ($xmlMetadata !== null) {
            $xmlUtils = new Utils\XML();
            $xmlUtils->checkSAMLMessage($xmldata, 'saml-meta');

The variable $xmldata seems to be never defined.

            $entities = Metadata\SAMLParser::parseDescriptorsString($xmlMetadata);
            $entity = array_pop($entities);
            $metadata =  $entity->getMetadata20SP();

            /* Trim metadata endpoint arrays. */
            $metadata['AssertionConsumerService'] = [
                Utils\Config\Metadata::getDefaultEndpoint(
                    $metadata['AssertionConsumerService'],
                    [Constants::BINDING_HTTP_POST]
                )
            ];
            $metadata['SingleLogoutService'] = [
                Utils\Config\Metadata::getDefaultEndpoint(
                    $metadata['SingleLogoutService'],
                    [Constants::BINDING_HTTP_REDIRECT]
                )
            ];
        } else {
            $metadata = [
                'owner' => $userid,
            ];
        }

        $editor = new Editor();

        if ($request->get('submit')) {
            $editor->checkForm($request->request);

$request->request of type Symfony\Component\HttpFoundation\InputBag is incompatible with the type array expected by parameter $request of SimpleSAML\Module\metaedit\MetaEditor::checkForm().

            $metadata = $editor->formToMeta($request->request, [], ['owner' => $userid]);

$request->request of type Symfony\Component\HttpFoundation\InputBag is incompatible with the type array expected by parameter $request of SimpleSAML\Module\metaedit\MetaEditor::formToMeta().

            $wasEntityId = $request->get('was-entityid');
            if (($wasEntityId !== null) && ($wasEntityId !== $metadata['entityid'])) {
                $premetadata = $mdh->getMetadata($_REQUEST['was-entityid'], 'saml20-sp-remote');
                $this->requireOwnership($premetadata, $userid);
                $mdh->deleteMetadata($_REQUEST['was-entityid'], 'saml20-sp-remote');
            }

            $testmetadata = null;

The assignment to $testmetadata is dead and can be removed.

            try {
                $testmetadata = $mdh->getMetadata($metadata['entityid'], 'saml20-sp-remote');
            } catch (Exception $e) {
                // catch
            }

            if ($testmetadata) {
                $this->requireOwnership($testmetadata, $userid);
            }

            $result = $mdh->saveMetadata($metadata['entityid'], 'saml20-sp-remote', $metadata);
            if ($result === false) {
                throw new Error\Exception("Could not save metadata. See log for details");
            }

            return new Template($this->config, 'metaedit:saved.twig');
        }

        $form = $editor->metaToForm($metadata);

        $t = new Template($this->config, 'metaedit:formedit.twig');
        $t->data['form'] = $form;
        $t->send();

In this branch, the function will implicitly return null which is incompatible with the type-hinted return SimpleSAML\XHTML\Template. Consider adding a return statement or allowing null as return value.

    }


    /**
     * Importer
     *
     * @param \Symfony\Component\HttpFoundation\Request $request The current request.
     *
     * @return \SimpleSAML\XHTML\Template
     */
    public function import(Request $request): Template

The parameter $request is not used and could be removed.

    {
        /* Load simpleSAMLphp, configuration and metadata */
        return new Template($this->config, 'metaedit:xmlimport.twig');
    }


    /**
     * @param array $metadata
     * @param string $userid
     * @return void
     */
    private function requireOwnership(array $metadata, string $userid): void
    {
        if (!isset($metadata['owner'])) {
            throw new Exception('Metadata has no owner. Which means no one is granted access, not even you.');
        }

        if ($metadata['owner'] !== $userid) {
            throw new Exception(
                'Metadata has an owner that is not equal to your userid, hence you are not granted access.'
            );
        }
    }
}